SMS Phishing

Last Updated: September 17, 2012

Definition - What does SMS Phishing mean?

SMS phishing occurs when a cell phone receives a SMS (Instant Message or IM) from a fake person or entity. The unsuspecting cell phone user will respond to a fake SMS and visit a URL, inadvertently downloading malware and installing a Trojan without the user's knowledge. Phishing is all about extracting useful information, so in the case of SMS phishing, the Trojan harvests the data areas of the cellphone and transmits them to the person who created the Trojan at the earliest opportunity.

SMS phishing is also known as SMiShing.

Free White Paper: "AI and ML in the Oil and Gas Industry". Take a look at 10 real-world use cases that demonstrate how AI and ML are already being used in the oil and gas industry, and how AI innovation can help renew the industry.

Techopedia explains SMS Phishing

SMS phishing attempts occur when cell phone user is the recipient of a message acknowledging receipt of an unknown purchase. To terminate bogus purchases and avoid monthly or daily charges, consumers are directed to phishing websites. Unknowingly, customers go directly to the website, allowing hackers to access personal cell phone information. SMS phishing has become increasingly prevalent on social website networks, such as Facebook.

SMS Phishing is a way of performing identity theft, as the inadvertently downloaded malware captures and transmits all of the stored cellphone data, including stored credit card details, names, addresses and other data, like password details for email accounts, which, when opened, increase the vulnerability of online banking and other accounts.

The malware can then cover its tracks by wiping the phone clean, including all call records, causing repeated rebooting or similar odd behavior rendering the phone unusable. Thus, the original phishing attack is easily unnoticed by the user.

Viruses and phishing scams are far reaching to all types of digital devices. Wise consumers should choose their products according to available product security software and data recovery technologies.